Hello, welcome to the Wednesday, July 11th, 2018 edition of the Sansa and Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Microsoft patched Tuesday today and we got patches for 54 different vulnerabilities, three of which were publicly disclosed by the time Microsoft got

around to patch them. Overall, however, this doesn't really look all that interesting. A lot of

these vulnerabilities that are being addressed are of course in web browsers, again sort of

JavaScript issues and like

things that yes you should patch quickly but nothing really that sort of sticks out

here. 17 out of the 54 or 53 if you don't count Adobe vulnerabilities are

critical.

What's almost more interesting than the official patches is a change that was made to Office 365 and that change does no longer allow the embedding of setting content MS files.

Remember, those were these XML files that actually could

include executable code. This was one way how attackers got reasonably around some of the

macro restrictions and such that we have in Office documents. Since this was changed in Office 365, there isn't really a patch or anything

that you need to apply for this particular issue. Now on Adobe's end, in addition to the

Adobe Flash Player update that we also have included in the Microsoft update. We also got updates for Adobe Experience Manager, Connect, and Acrobat and PDF Reader.

The last one, definitely don't forget that one, PDF Reader, is always a tempting target.

Even though in this case, Adobe only gives the Adobe Reader

patches a priority rating of two. So overall I think it's an average patch Tuesday.

Do focus on these browser issues. That's the most likely thing that's going to get

exploited and I really consider sort of

Adobe Flash part of this. So make sure that's all up to date. And then we got what looks like

a Miri variant going after Android devices that have the Android debug britcher ADB exposed.

...